So, IMA/EVM changes should be optional, with warning that ima-evm-utils must be patched as well. Probably, will be impossible push this patch into ima-evm-utils upstream, at least till PAX will not be incuded in kernel upstream...